IT Trenches

Are you getting lots of SPAM? Is your organization’s internet link being saturated due to tons of inbound spam and maybe outbound non-delivery notices for invalid addresses? About 3 years ago, ours was too.

There is often a misunderstanding of what network speed is versus capacity. The speed of data transfer is not just a function of the capacity (bandwidth) of the link, but also of the distance between the endpoints. To find the distance between two locations, go to http://www.infoplease.com/atlas/calculate-distance.html.

Considerations about the impact of latency and network throughput:
Networks do not transfer data in a continuous stream, as many people think, but in small packets. The server sends a packet to your computer, which sends an acknowledgement back (TCP/IP protocol). Upon receipt of the acknowledgement, the server sends the next packet. This is called handshaking; it’s a little game of ping-pong.

The speed of light is 299792 kilometers per second. The maximum number of ping-pongs per second is therefore 299792 divided by twice the distance between you and the server. If the server is 1000 kilometers away, that’s 149 ping-pongs per second. Every ping-pong is 1 packet, so if the packet size is 1 bit, the server can only send you 149 bits per second. The speed of the network is immaterial; even a gigabit network cannot break the speed of light. The server is not sending data while waiting for the acknowledgement, and waiting means less throughput, so the speed is reduced because of the distance. The further away, the lower the speed.
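
The arithmetic above, as an added example that is not part of the original post: a small model of the send-then-wait exchange, generalised from a 1-bit packet to any amount of data sent per acknowledgement. The function names, the 1500-byte packet and the two link capacities are assumptions; the speed of light is the post's vacuum figure.

```python
C_KM_PER_S = 299_792  # speed of light in a vacuum, the figure the post uses


def round_trips_per_second(distance_km, speed_km_s=C_KM_PER_S):
    """Upper bound on send/acknowledge exchanges ("ping-pongs") per second."""
    return speed_km_s / (2 * distance_km)


def throughput_bps(distance_km, link_bps, bits_per_ack, speed_km_s=C_KM_PER_S):
    """Best-case throughput when the sender puts `bits_per_ack` bits on the
    wire and then idles until the acknowledgement arrives."""
    serialize_s = bits_per_ack / link_bps        # time to clock the bits out
    round_trip_s = 2 * distance_km / speed_km_s  # there and back at light speed
    return bits_per_ack / (serialize_s + round_trip_s)


def transfer_seconds(file_bytes, distance_km, link_bps, bits_per_ack):
    """Time to move a file under the same send-then-wait model."""
    return file_bytes * 8 / throughput_bps(distance_km, link_bps, bits_per_ack)


def compare_links(distances_km, links_bps, bits_per_ack):
    """Rows of (distance, link capacity, achieved bits/s) for comparison."""
    return [(d, link, throughput_bps(d, link, bits_per_ack))
            for d in distances_km for link in links_bps]


if __name__ == "__main__":
    # The post's case: 1-bit packets, server 1000 km away, gigabit link.
    print(int(round_trips_per_second(1000)), "round trips/s")
    print(int(throughput_bps(1000, 1e9, 1)), "bit/s with 1-bit packets")

    # Assumed values: one 1500-byte packet per acknowledgement,
    # compared on a 100 Mbit/s link and a 1 Gbit/s link.
    packet_bits = 1500 * 8
    rows = compare_links([10, 1000, 10000], [100e6, 1e9], packet_bits)
    for d, link, bps in rows:
        print(f"{d:>6} km  {link / 1e6:>5.0f} Mbit/s link -> "
              f"{bps / 1e6:8.3f} Mbit/s achieved")
    secs = transfer_seconds(100e6, 1000, 1e9, packet_bits)
    print(f"100 MB over 1000 km at 1 Gbit/s: {secs:.0f} s")
```

At 1000 km the tenfold jump in link capacity changes the achieved rate by under 2 percent, while at 10 km it more than doubles it.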

Here’s some information that I came across, whose original source I do not know, that will also help explain this situation.

Would you say that a Boeing 747 is three times “faster” than a Boeing 737? Of course not. They both cruise at around 500 miles per hour. The difference is that the 747 carries 500 passengers whereas the 737 only carries 150. The Boeing 747 is three times bigger than the Boeing 737, not faster.

Now, if you wanted to go from New York to London, the Boeing 747 is not going to get you there three times faster. It will take just as long as the 737.

In fact, if you were really in a hurry to get to London quickly, you’d take Concorde, which cruises around 1350 miles per hour. It only seats 100 passengers though, so it’s actually the smallest of the three. Size and speed are not the same thing.

NOTE: In the internet world, there is no such thing as a Concorde. Data speed is limited to the speed of light. The speed of light in a vacuum is ~300,000 km/sec. – p.s. The Concorde jet service ceased operations in 2003 (http://en.wikipedia.org/wiki/Concorde)

On the other hand, if you had to transport 1500 people and you only had one plane to do it, the 747 could do it in three trips where the 737 would take ten, so you might say the Boeing 747 can transport large numbers of people three times faster than a Boeing 737, but you would never say that a Boeing 747 is three times faster than a Boeing 737.

That’s the problem with communications devices today. Manufacturers say “speed” when they mean “capacity”. The other problem is that as far as the end-user is concerned, the thing they want to do is transfer large files quicker. It may seem to make sense that a high-capacity slow link might be the best thing for the job. What the end-user doesn’t see is that in order to manage that file transfer, their computer is sending dozens of little control messages back and forth. The thing that makes computer communication different from television is interactivity, and interactivity depends on all those little back-and-forth messages.

Microsoft has created a new resource for customers – the Microsoft Support Lifecycle Informational Update. This quarterly newsletter highlights current information regarding the support of Microsoft products and includes:

- News and information on the Support Lifecycle policy and programs
- Key products currently transitioning to different phases of the Support Lifecycle
  - Mainstream Support to Extended Support
  - Extended Support to Non-Support
  - Mainstream Support to Non-Support
  - Service packs going out of support
- A three-year calendar of Microsoft products and where they are in the Support Lifecycle
- Resources and links to additional information

Understanding where your products are in the Support Lifecycle will help you plan your IT environment, including product upgrades and migrations. It will also enable you to better understand what you can do to keep your products supported, such as transitioning to new service packs or exploring existing alternatives to the end of support.

Microsoft will not use or sell your contact information for any purpose other than to send you the Microsoft Support Lifecycle Informational Update. Your information will remain private and secure. You can review the Microsoft Privacy Policy at http://privacy.microsoft.com.

There will always be some user saying “the internet is slow”. There are many resources out there to test internet connections. The Measurement Lab is one I came across the other day. There are several useful tools under this page. Some of the tools and descriptions are listed below. Maybe one of these will be useful to you or your users some day. Just remember you heard about it on IT-Trenches! Thanks for reading and let’s continue to be good network citizens.

This may be a couple of years old, but the need for infosecurity tools and requirements for cheap solutions has not changed. This was first published in the CSO magazine in 2006. The tools have only gotten better since then. Hope you can find some use for the tools that it recommends in these trying budget & resource times.

I have written before about IT being an accelerator for the financial crisis. Another recent article, this time from Wired called Recipe for Disaster: The Formula That Killed Wall Street, seems to show how extremely complex risk measurement is and how someone tried to design a model to express that risk. It is the same for information security professionals. Take some time, read the Wired article and substitute the words “information security” where the word “finance” is used. See if it mirrors the current information security risk situation today. It may shed some light on how complex the situation has become and what the impact may be if something is not done by security professionals to head off an information security meltdown – but wait… are we already there with some of the botnets, Conficker, etc.? Let me know your thoughts on this.

There is a recent bill introduced in both the House and Senate to strengthen current legislation addressing online child predators. The bill is known as the ‘Internet Stopping Adults Facilitating the Exploitation of Today’s Youth (SAFETY) Act of 2009’. There are several provisions in the proposed bill, but one causes me to stop and wonder how effective the legislation will really be.

The particular section I am referring to is shown below.

SEC. 5. RETENTION OF RECORDS BY ELECTRONIC COMMUNICATION SERVICE PROVIDERS.

‘(h) Retention of Certain Records and Information- A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user.’.

This section places a lot of responsibility on the “provider of an electronic communication service or remote computing service.” Where does this actual responsibility lie? Is it with the ISP (top end – think ATT) or is it with the reseller or commercial user of that reseller’s services? Does this include your organization or mine?

What I am also concerned about is the requirement to track the “identity of a user of a temporarily assigned network address that the service assigns to that user.” Is the address assigned to a user or a device? Can it be confirmed who the actual user of the device was at the time of the event(s) in question? Wiretapping is one thing with voice recognition, but how can you tell who was specifically using a device at a particular time? Sure there might be system logs showing who was logged in, but what was the authentication method? Was it just username & password? How strong of evidence is that?

I hope this bill to update the law gets some very careful consideration about the definitions and what identity really means in this case. It seems like the intent is to gain better documentation but I don’t think this particular language or technology is ready to support this.

Laura Chappell (the Viral Bitgirl) has announced that Sharkfest 09 registration is open and all registered attendees get a FREE AIRPCAP ADAPTER (US $198)! Sharkfest is the Developer/User Conference for Wireshark and it is sponsored by CACE Technologies and Wireshark University. Laura will be there with new, hot (or cool, if you prefer) topics, trace files, case studies and hands-on labs. Register today at Sharkfest.09 to get your free AirPcap adapter. [Dates: June 16-18, 2009-registration and BBQ on June 15th]

Laura has also announced that Chappell University is open for registration. Subscription-level service will be open soon. Chappell University is an affordable, on-demand, online training system to maintain and enhance IT skills in the area of analysis, troubleshooting and security. Some of the content includes two lab workbooks with over 100 lab exercises using Wireshark to spot network problems, security breaches, and analyze normal and abnormal TCP/IP communications. There are video answers to all the lab exercises. In addition, there’s an extensive trace file repository, and additional WLAN, VoIP, bot-infections, application, etc., trace files will be added each quarter. Check out the new YouTube Channel for Chappell University and the video “Ethical Hacking with NetScanTools Pro: Tutorial on ARP Scanning to Discover All Local Hosts” (even those hidden behind firewall applications).

If you have never experienced training presented by Laura, this is your chance to get very in-depth, easy to understand technical training. Sure, some of the stuff may cost a little, but she has tons of free stuff out there also. The paid content is definitely worth it. I have her Master Library (pre-dates the new Chappell University) and I still refer to the content occasionally to refresh my skills in network analysis.

With an environment spanning 18+ sites and more than 3000 computers around the globe, you could understand how challenging it would be to track down what device/user might be locking user accounts. There are tools out there that you can pay for that can help do this. However, Microsoft has some free tools that with a little testing and use will permit you to quickly track down where the account is being locked and address the situation.

We had a situation recently where malicious software got onto a couple of machines and attempted to use the Administrator account to log in. We have account lockout on our Windows 2003 AD domain, so after the appropriate number of invalid tries the Administrator account was locked out in the domain. This is because the machines were members of the domain and the malware did not distinguish the local administrator account from the domain administrator when attempting to elevate authority. Note that we use least user authority in our environment, so the malware was not able to spread beyond these two machines. We suspect the machines became infected due to out-of-date antivirus signatures.

I don’t know about your organizations but the one I work for is doing as much as possible to reduce costs in these hard times. We have gone through the staffing reductions, travel restrictions, site closures, salary reductions like most other organizations. Now an outside vendor has come to us saying they can help save us money in printing. Granted, there may be some cost savings there and I hope there is. However, some of the statistical information they provided has me wondering about the accuracy and scope.

I don’t have full details yet of how the survey was done, but the vendor reported that the average user in this office exceeds 26 printed pages per day. So, for an office of about 80 people, this is over 2080 pages per day – or over 4 reams of paper. The survey also says that black/white costs are 2.5 cents per page and color is 17.2 cents per page. Do these numbers seem reasonable, or has your organization done a similar printing survey?

One of the issues I have with this is if the volume survey was done in January, that is not really the most representative month for printing volumes. That is the month when month-end, quarter-end and year-end financial statements are produced. There is a lot of “unusual” print volume during the first month of the year.

A cost-saving recommendation that will, of course, come back from the vendor is to use duplex printing where possible. Most of the printers in this office have been here for well over 5 years. They were not purchased with the duplex print options to save costs at the initial purchase time. So, this is not really an available option on most of the printers. The users of course could print 2 pages per page (as I typically try to do), but then the print is very small and can be difficult to read, which can create errors or cause stress. So, is this a good option either?